(57) ABSTRACT

A CPU is provided with an ability to modify its operation in
accordance with an encryption key. When a program is
compiled, the program is modified in order that execution
may be performed with the CPU changes with respect to
pipelined instruction routing. Logic on the CPU is able to
route a subset of the register bits, and selects destination
logic gates in the microprocessor in a manner consistent
with a programmable instruction decoder. This in turn
establishes an instruction buffer interdependency.

SECURE PROGRAM EXECUTION USING INSTRUCTION BUFFER
INTERDEPENDENCIES

CROSS-REFERENCE TO RELATED APPLICATIONS

U.S. patent application Ser. No. 09/377,343, entitled
Microprocessor in Which Logic Changes During Execution,
U.S. patent application Ser. No. 09/377,298, entitled
Execution of Instructions Using Op Code Lengths Longer Than
Standard Op Code Lengths to Encode Data, U.S. patent
application Ser. No. 09/376,654, entitled Secure Program
Execution Depending on Predictable Error Correction, U.S.
patent application Ser. No. 09/377,344, entitled Logic Block
Used to Check Instruction Buffer Configuration, U.S. patent
application Ser. No. 09/377,299, entitled Microprocessor
Instruction Result Obfuscation, and U.S. patent application
Ser. No. 09/377,297, entitled Secure Execution of Program
Instructions Provided by Network Interactions with
Processor, all invented by Alan C. Folmsbee and commonly
assigned, share common subject matter. These applications
are incorporated by reference herein in their entirety.

FIELD OF THE INVENTION

This invention relates to a system for providing computer
program instructions in an encrypted manner, wherein
execution of the encrypted program is performed by digital
logic hardware. More specifically, the invention relates to
using the instruction buffers of a processor to control the
execution of encrypted instructions.

BACKGROUND OF THE INVENTION

Microprocessors characteristically perform a series of
instruction buffer operations during program execution,
which follow a series of steps. While each step changes the
information stored in buffers in the microprocessor, there is
generally a discernable pattern which is established by the
steps, thus enabling undesired surreptitious analysis.

It is possible to provide more elaborate protective systems
for encoding the software, by use of proprietary hardware
components for example, or even by requiring the end user
to comply with registration requirements in order to enable
software operation. In that respect, the encryption scheme
for the program ensures that the program is executable in
unencrypted form, at least with respect to the instruction sets
provided to the CPU. Unfortunately, the instructions
provided to the CPU are in a form that is understandable by the
CPU prior to CPU execution. Thus, it is easy for an
unauthorized user to determine what is necessary to operate
the programs successfully.

It is often desired to provide software and updates of
software to end users in such a manner that the software is
transferred through public channels, such as the Internet. To
provide such software in restricted form, it is desired to
provide security to the distributor of the software so that the
software is not subject to unauthorized use. In particular, if
software is shipped via public or private channels, it is
desired that the end user of the software can only use the
software on the end user's specified computer, and that the
software not be willingly or unwillingly shared by the end
user. By computer, it is intended that this includes personal
computers, smart cards, work stations, dedicated CPUs
embedded in hardware appliances, and any other device in
which integrated circuit (IC) microprocessors may be used.
In some programs, the cost of the programs to the end user
is such that it becomes economical for third parties to
determine what is necessary to circumvent restrictions on
use by unauthorized persons. Therefore, it is desired to make
the unauthorized duplication or use of a program
uneconomical. In order to do that, it is desired to provide an
encryption scheme which prevents unauthorized persons
from "attacking" the encryption of the software through
[illegible] of commands and instruction sets from the
software. It is further desired to provide a software
encryption technique in which there are external indicia of a
decryption technique which can be used to analyze the
encryption of the software. It is further desired that
software be encrypted in such a manner that it is
unnecessary to decrypt the software in order to accomplish
execution of the software.

SUMMARY OF THE INVENTION

According to one aspect of the invention, a microprocessor
processes computer programs which are selectively operable
on selected ones of individual processors. The microprocessor
according to the present invention includes an instruction
buffer with a predetermined plurality of bit locations, and
further includes reconfigurable logic circuitry for processing
instructions from the instruction buffer. Additionally the
microprocessor includes a programmable instruction
decoder which interprets instructions represented by bits
stored on the instruction buffer, and the logic circuitry routes
the register bits to subsequent bit locations within the
instruction buffer. The subsequent bit locations must conform
to a predetermined interdependency criteria corresponding to
the predetermined format subsequent to execution of at least
one instruction by the logic circuitry, and the logic circuitry
provides a verification of the interdependency criteria.

More particularly according to the invention, in order to
execute program instructions, buffer interdependencies must
match those predicted by the compiler. If one were to reverse
engineer the program, the interdependencies may not match,
and this provides a means of detecting unauthorized use.

According to a further aspect of the invention, a CPU is
provided with an ability to modify its operation in
accordance with an encryption key. When a program is compiled,
the program is modified in order that execution may be
performed with the CPU changes with respect to pipelined
instruction routing. Logic on the CPU is able to route a
subset of the register bits, and selects destination logic gates
in the microprocessor. This in turn establishes an instruction
buffer interdependency.

According to one aspect of the invention, a microprocessor
contains logic able to route a subset of bits from selected
bit locations in the buffer to destination logic circuits in the
microprocessor. The destination logic circuits then provide
verification of whether the register bits meet a
predetermined criteria.

An instruction buffer on a keyed microprocessor contains
logic which is able to route a subset of the instruction bits on
the microprocessor. This selects destination logic gates in
the microprocessor which eventually reach a programmable
instruction decoder. If the interdependencies fail to match a
predetermined acceptable pattern, then the interdependencies
are deemed not to match.

According to a further aspect of the invention, a
microprocessor is able to process computer programs which are
selectively operable on selected ones of individual
processors. A key is shared by the microprocessor and a compiler,
and the key is used by the compiler to encrypt standard
instructions into encrypted instructions. An instruction
buffer on the keyed microprocessor contains logic able to
route a subset of the instruction bits from any bit locations
in the buffer to destination logic circuits in the micropro-
cessor. The instruction bits reach a programmable instruc-
tion decoder, and the routing of the instruction bits is
controlled in accordance with the key.

According to a further aspect of the invention, a computer 
program is executable on a selected processor. The processor 
buffers instructions as instruction bits on the microprocessor. 
A subset of the instruction bits are routed from bit locations 
in the buffer to destination logic circuits in the micropro- 
cessor. The instruction bits then reach a programmable 
instruction decoder. 

According to a further aspect of the invention, a micro- 
processor processes computer programs which are selec- 
tively operable on that particular microprocessor. Logic 
instructions for executing encrypted program instruction are 
received at memory locations. Logic circuitry modifies 
operation of the microprocessor in accordance with logic 
instructions stored in the memory locations. The logic 
circuitry is configurable in accordance with the received 
logic instructions. 

In the invention, a microprocessor uses a programmable 
instruction decoder to decode encrypted instruction op 
codes. The decoding is accomplished without decrypting the 
op codes and logic gates immediately process data. The data 
representation changes during the execution, which
has the effect of securing the program from analysis for 
decryption. 

A custom instruction set is provided for each CPU chip or 
groups of CPU chips. That custom instruction set is used by 
the software manufacturer to provide a unique version of a 
mass produced program to a customer for program operation 
with a microprocessor chip. The CPU is therefore pro- 
grammed for that custom instruction set. The length of each 
instruction, and the other features of this invention are
configurable to have, according to the present invention, a
cryptographically significant level of security when viewed
from the IC pins. Pirates who examine signals inside the IC 
will accordingly be deterred from success by the inventive 
features described herein. 

A secure key is used in configuring both the encrypted 
software with a compiler and the microprocessor system 
executing the encrypted software so that the instructions 
provided by the compiler are only executable by an IC which
uses the same key. This key is stored on the IC in non-volatile
memory, and it controls the instruction decoder, the recon-
figurable logic, the signal routing, the error corrections to the
instructions executed, the sequencer circuit, and instruction
buffer content interdependency checking circuitry. The key
also determines the program counter operations which 
would not be incremented in the usual manner. The key also 
controls instruction result obfuscation circuits so that com- 
mon microprocessor results, such as the ANDing of two 
operands, are not easily recognized by the surreptitious 
observer. The key controls memory mapping in the IC so 
that physically fixed memory resources are allocated in 
different ways for ICs with different keys. 

The way instructions are executed ensures that an adver-
sary attempting to pirate the software will have difficulty
understanding the results of instruction execution. It is a goal
of the present invention to anticipate pirate attacks, and to
provide measures which will thwart their tactics. The micro-
processor chip according to the present invention will use
instructions, data, addresses, and RAM memory as well as
instructions with bits in each instruction configured to cause
confusion for attackers, but which are disregarded by the
instruction decoder of the present invention during execu-
tion.

According to another aspect of the invention, physical 
aspects of the logic architecture are varied according to keys.
Software compiled according to the keys is implemented so
as to accommodate these changes. This allows variations in
memory block size and layout, as well as variations in
pipeline use. Since each CPU could be provided with a
different key, the software compiled according to one key
would not work with a CPU varied according to a different 
key. 

According to another aspect of the invention, a CPU has 
its logic gates configured to perform variable logic instruc- 
tions. The logic gates may be reconfigured according to a 
key. Even though the instructions may be coded to obscure 
their meanings, the instructions still specify ordinary opera- 
tions like AND, OR, ADD and COMPARE. So to make 
these operations more difficult for an adversary to recognize, 
measures will be taken. The logic gates which calculate the 
result of each basic operation will be variably allocated from 
several possible sets of logic gates. Also, the result of the 
basic operation will be made more obscure than is normally 
done. The operands that are used as inputs to the logic for the 
basic operations can be in two different formats, so an
adversary has a difficult time understanding what is going 
on. 

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 is a diagram which illustrates major components of
the inventive CPU, in which instructions are compiled for
execution by the specific CPU.

FIG. 2 is a diagram which illustrates how instructions are
routed from the instruction buffer of the microprocessor
under control of keyed switch bits.

FIG. 3 is a diagram which shows an example of an
implementation of the encryption done by the compiler
according to the invention.

FIG. 4 is a diagram which shows the reverse wire crossing
done by the CPU according to one embodiment of the
invention.

FIG. 5 is a diagram which shows how interdependencies
between operations are checked in the instruction buffer.

FIG. 6 (prior art) is a diagram which illustrates how
memory placement on a typical microcontroller is imple-
mented.

FIG. 7 is a diagram which illustrates how memory place-
ment according to the present invention differs from ordi-
nary microcontrollers.

FIG. 8 is a diagram which illustrates where the ROM
sections may be placed in a microprocessor system accord-
ing to the invention.

FIG. 9 is a diagram which illustrates how instruction
results are obfuscated.

FIG. 10 is a diagram which shows how multiple access
flags can be placed within a CPU according to the present
invention.

DETAILED DESCRIPTION OF THE
INVENTION

FIG. 1 is a diagram of a microprocessor system according
to the present invention. In the embodiment shown, the
microprocessor system includes a CPU 11 fabricated on a
single chip. The CPU 11 according to the invention includes
reconfigurable logic 13, a programmable instruction decoder
15, fixed data stores such as a serial number block 17, ROM
19, and variable data stores such as a random number
generator 21, RAM 23, and E²PROMs 31-35. A control
circuit 37 and check logic system 39 are also included on the
CPU 11. The diagram further shows the flow of encrypted
information from a compiler 41, which produces a software
program for the inventive CPU 11. It is of course understood
that the software content can be transferred indirectly to the
microprocessor system, and may involve intermediate
program storage as well as other peripheral functions.

Software is provided for execution on the CPU 11 in a
selected language subject to compilation into standard
op-codes. Then these op-codes are encrypted using a key
which matches the key used for configuring the inventive
CPU 11 during execution. The encrypted op-codes are
combined with camouflage or surplus bits according to one
aspect of the present invention and the resulting code string,
thus, has its bits permuted according to the key. The
resulting bit string is then gathered into long instruction words,
such as 128 bit words, and these long words are gathered
into multi-word groups that will fit in the instruction buffer
of the CPU 11. Some camouflage bits are replaced by
interdependency bits that will be dependent on other
interdependency bits in other long instruction words. These
encrypted long instruction words may then be distributed
without further protection to the CPU 11 having the
matching key configuration. The encrypted instructions are thus in
a form that can only be executed by a microprocessor
configured according to the matching key. When the
instruction buffer of the CPU 11 is loaded with several long
instruction words, interdependences are checked by logic
gates, permutations are reversed, and encrypted op-codes are
recovered. Decryption is not performed to provide standard
op-codes, because the instruction decoder on the CPU 11
responds to encrypted op-codes. Some of the camouflage
bits are error correcting codes to be used on errors that were
intentionally put in the instructions or data.

In FIG. 1, the CPU 11 is shown including predetermined
functional blocks including logic circuitry, represented at 13.
In order to allow the CPU 11 to execute programs which are
encrypted, the CPU 11 also includes a programmable
instruction decoder 15 as well as circuitry to store
information specific to that particular CPU 11. This specific
information includes serial number information 17, additional
identification information in ROM 19, a random number
generator 21, and random access memory 23. The logic 13
is structured so as to be reconfigurable according to key bits,
ROM bits and externally provided instructions.

The CPU 11 is further configured with a distributed
plurality of memory stores used for specific decoding
information and for increasing the level of security. In one
embodiment, these memory stores are provided as
E²PROMs 31-35. The use of E²PROMs permits the
information to be rewritten to the CPU 11 but to remain as
nonvolatile. The E²PROMs 31-35 are used to specify
particular configurations of the reconfigurable logic 13 of the
CPU 11.

According to the invention, once the CPU 11 is configured
in a particular way, in order to use the particular
configuration, it is necessary to compile program
instructions which are modified in order to be executable by the
particularly modified CPU 11. This is represented by the
depiction of the compiler 41 connected to the CPU 11 by a
communications line 43. If there is a change in the logic and
op codes during program execution, these changes are
coordinated in order to enable continuous execution.

The keys used for encryption and corollary configuration
may be chosen at random. Each key is expanded according
to one embodiment to a longer set of non-volatile bits that
control the microprocessor's logic customization, and may
be called "switch bits". Some of the key bits control the
instruction decoding and other key bits control hardware
memory and logic allocation. These parts of the key may be
controlled independently.

A Microprocessor as a Block Cipher

FIG. 2 is a block diagram of the programmable instruction
decoder system 15 including an instruction buffer 51
containing multiple registers 53, 55, and 57; and associated
multiplexers 63, 65, 67 which are connected to the
multiple registers 53-57. FIG. 2 also shows a multiplexer
control circuit 69 and a sequencer 71 which is part of the
[illegible]

[illegible] instruction words processed [illegible]
multiplexers 63-67 receive multiplexer control codes from
the multiplexer control circuit 69 which in turn receives
instruction codes from the sequencer 71 in turn. The
sequencer 71 in turn determines a particular
sequence that the registers 53-57 deliver their data for
further processing, so that it is possible to provide this data
from the registers 53-57 in different orders, as determined
by the sequencer 71. In addition, the multiplexers 63-67 can
be used to control other functions. By way of example,
multiplexer 63 is shown controlling a sequencer reset code
stored at block 75. Error correcting codes stored at block 77
are controlled by multiplexer 65, which controls error
correction operation, as represented at block 79. The error
correction circuitry 79 is also supplied with key bits stored
at block 81. Op codes received from multiplexers 63-67 are
[illegible] at register 83, after being processed by the error
correction circuitry 79. It is noted, however, that it is also
possible to provide information from the different
multiplexers 63-65 to different circuits. By way of example,
multiplexer 63 provides configuration information to the
error correction control circuit 77.

Since the execution of the code, as encrypted, is
accomplished by the operation of the microprocessor, no actual
decryption algorithm is needed. Therefore, it is possible to
operate encrypted instructions in a computer without
decryption. This protects encrypted programs from attacks
during encryption. This also makes it possible to provide
secure software to persons who are not eligible to receive
data decryption programs.

Mapping of a "block cipher" according to the present
invention to a complicated microprocessor hardware basis
enables logic reconfiguration. In the past, block ciphers have
operated on abstract information, with the microprocessor
that performs the cipher being an exact copy of many other
ICs. The invention changes the paradigm from the realm of
abstract information into the realm of reconfigurable logic
that forms a machine. Instead of manipulating data in
complicated ways using concepts that are intended to create
bewildering informational complexity, this invention
manipulates complicated hardware using concepts that
should present adversaries with an IC that seldom has the
same major signals used on the same conductors for different
ICs. Each CPU chip produced, according to the present
invention, has an instruction set that can be different from
the instruction set of any other processor. It is not data that
is being descrambled by a standard microprocessor, it is a
microprocessor that is configured to execute particularly
scrambled code. Complexity theory is used in the logic
reconfiguration and in the input and output codings so that
the degree of complexity may be compared to the
complexities produced by ordinary block ciphers.

Errors Which Are Introduced Intentionally

Encrypting of the software is accomplished, according to 
one aspect of the present invention, by errors which are 
intentionally placed in the data and/or into the instructions. 
The errors are then error-corrected by on-chip circuitry. 
Since there are a variety of ways to perform error correction, 
the particular form of error correction is selected at the time 
of instruction encryption and that particular form of error 
correction is used to correct the errors on-chip. By way of
example, the error correction may be a form of Hamming 
code. Since there is more than one way to perform this type 
of error correction, the data or instructions would be essen- 
tially useless without providing the information concerning 
the particular type of Hamming code being used. 

These codes can come in many varieties, and they can be
key-dependent. The long instruction words may contain 
modifications to the error correcting codes to that data and 
can have varying error types and correction types. 
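
A key-dependent Hamming code with a deliberately injected error, as an added Python example rather than the patent's own circuit. It assumes the key picks which of the seven codeword positions carries each Hamming(7,4) bit; the names `variant_from_key`, `encode_with_error`, `correct` and `wrong_results` are hypothetical.

```python
import hashlib
import random

STANDARD = list(range(7))   # textbook layout: p1 p2 d0 p4 d1 d2 d3


def variant_from_key(key: bytes):
    """Assumed key expansion: standard bit i is placed at codeword index order[i]."""
    order = list(range(7))
    random.Random(hashlib.sha256(b"ecc" + key).digest()).shuffle(order)
    return order


def hamming_bits(nibble: int):
    """Textbook Hamming(7,4) codeword for a 4-bit value, positions 1..7."""
    d = [(nibble >> i) & 1 for i in range(4)]
    p1 = d[0] ^ d[1] ^ d[3]
    p2 = d[0] ^ d[2] ^ d[3]
    p4 = d[1] ^ d[2] ^ d[3]
    return [p1, p2, d[0], p4, d[1], d[2], d[3]]


def encode_with_error(nibble: int, order, error_index: int):
    """Compiler side: encode, lay out per the keyed variant, flip one chosen bit."""
    sent = [0] * 7
    for i, bit in enumerate(hamming_bits(nibble)):
        sent[order[i]] = bit
    sent[error_index] ^= 1          # the intentionally introduced error
    return sent


def correct(received, order) -> int:
    """Chip side: undo the layout it believes in, fix by syndrome, return the nibble."""
    bits = [received[order[i]] for i in range(7)]
    syndrome = 0
    for position, bit in enumerate(bits, start=1):
        if bit:
            syndrome ^= position    # XOR of set positions is 0 for a valid codeword
    if syndrome:
        bits[syndrome - 1] ^= 1
    return bits[2] | bits[4] << 1 | bits[5] << 2 | bits[6] << 3


def wrong_results(order_sent, order_chip) -> int:
    """Count (nibble, error position) pairs the chip decodes to the wrong value."""
    return sum(correct(encode_with_error(n, order_sent, e), order_chip) != n
               for n in range(16) for e in range(7))


if __name__ == "__main__":
    keyed = variant_from_key(b"vendor-key")        # constructed sample key
    print("matching variant, wrong results:", wrong_results(keyed, keyed))
    print("standard chip,    wrong results:", wrong_results(keyed, STANDARD))
```

A chip that assumes the wrong variant does not fail visibly: it applies a "correction" and returns a different nibble, which is what makes the data useless without knowledge of the variant.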
Program Executed Without Requirement for Decryption 

The inventive CPU 11 is not a data decryption device, 
according to the present invention. The inventive CPU 11 is 
designed to receive scrambled instructions but not to decrypt 
them. Instead, it uses scrambled instructions and outputs 
results from calculations by operating in a mode that accom- 
modates the particular encrypted form of the data. The 
programs themselves can be written in such a way that data 
decryption is performed. Optionally, data encryption and 
decryption software can be written for the inventive CPU 11, 
as for any other CPU, but that is not the focus of this 
invention. The "Complexity Theory" which may be applied 
to an implementation of this invention would provide an 
analysis of the work complexity magnitude which the 
scrambling and transformations provide. This work com- 
plexity is adjustable by the computer architects who specify 
the detailed implementation of this invention. It is envi- 
sioned that the complexity will be on the order of 2^55
operations, similar to that of "weak cryptography". That 
amount of work would enable an adversary to produce 
instructions which perform the same calculations as the 
encrypted instructions. 

FIG. 2 illustrates how instructions are used from the 
instruction buffer under control of keyed switch bits that 
change the wiring of the logic signals. These signals even- 
tually go to the instruction decoder. The program counter 
will not be operated by incrementing by one. It will be 
incremented by m, a number determined by the key, the 
serial number, the sequencer 71, and the instruction buffer 
non-instruction contents and instruction contents. Addresses 
for instructions that are executed in sequence are not sequen- 
tial addresses, but are arranged by the compiler to be loaded 
into memory locations which conform to the program 
counter incrementation plan. For example, if "long instruc-
tion words" are 128 bits long, and each instruction has 9 
OP-codes, and there are 4 long instruction words in the 
instruction buffer, then the program counter may increment 
by amounts from 2 to 18 (modulo 9*4). The compiler would 
have provided for this scheme by gathering op-codes into 
locations planned with this incrementation plan taken into 
account. 

The sequencer circuit 71 is included so that more com- 
plexity is designed into the instruction execution operations. 
Some of the key bits are used to initialize the sequencer 71 
when it is reset. Then the sequencer 71 produces a new 
output code on each n clock cycles. This code will be 
logically combined with encrypted instructions to feed codes 
to the instruction decoder. The compiler shares sequencer 
information in common with the CPU 11 because they share 
a common key, so the encrypted op-codes are prepared for
the logical combinations which the sequencer 71 will pro-
vide. This increases the complexity by making each instruc-
tion have a varying code that depends on the sequencer 71.
For example, the ANDing instruction would have one code
the first time it is used, and a different code the second time
it is used. The number n, which is the number of clock cycles
between new sequencer codes is designed in coordination
with the data output block size. If the data output block size
is 1 byte, n is 1. If the data output block has 8 bytes, n may
be up to 8. The intention is to obscure the relationship
between an encrypted op-code and a result so that adver-
saries cannot simply feed chosen op-codes and data to the
CPU 11 and observe a simple relationship between them.
With this plan, the adversary will observe that a block of
output data has a complicated relationship with chosen data
inputs and chosen long instruction words loaded into the
instruction buffer. The CPU 11 will require that the instruc-
tion buffer be filled before any data results are output.
Complexity theory is used in the logic reconfiguration.
Adversaries who try to observe the signals on the CPU 11
will encounter more variability than on ordinary ICs. Logic
functions will be allocated depending on the key and on the
sequencer 71. Each CPU 11 with a different key uses
different metal lines and other conductors to use different
logic gates for standard functions of a microprocessor.

A memory remapping capability will be implemented on
the CPU 11 so that memory resources on the CPU 11, which
have fixed locations on the silicon chip, will be allocated to
be used for different program variables, depending on the
key.

Instructions Longer than Minimum 

As an example, each instruction may be 128 bits wide (16
bytes). Also suppose standard op-codes are one byte each. If
only 9 encrypted op codes are put in the 16 byte instruction,
this leaves 7 bytes for camouflage, error correcting codes,
sequencer reset codes, and interdependency codes. A wire
crossing will permute the 128 bits when the compiler creates
the 128 bit instruction, and the CPU 11 with the right key
will reverse this wire crossing before using op-codes for the
instruction decoder. The op-codes are well-known in the art
of microprocessors and are a form of an abbreviated instruc-
tion set. An example of op codes is shown in Appendix 5
(page 316) of Malvino, Digital Computer Electronics, sec-
ond ed., 1983, ISBN 0-07-39901-8.
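
The 128-bit word layout and wire crossing described above, modelled in Python as an added example that is not taken from the patent. The SHA-256-seeded key expansion, the rotate-and-XOR interdependency rule, the two-byte dependency field and all function and class names are assumptions made for illustration; error correcting and sequencer reset codes are left out of the spare bytes.

```python
import hashlib
import random

WORD_BYTES = 16      # 128-bit long instruction word, as in the page's example
OPS_PER_WORD = 9     # nine one-byte op-codes per word, leaving 7 spare bytes
BUFFER_WORDS = 4     # long instruction words held in the instruction buffer
DEP = slice(9, 11)   # assumed layout: 2 spare bytes carry the interdependency code,
                     # the remaining 5 spare bytes are camouflage


class InterdependencyError(Exception):
    """Buffer contents do not match the pattern the compiler predicted."""


def expand_key(key: bytes, serial: bytes):
    """Assumed key expansion: key + serial -> wire crossing, op-code table, masks."""
    rng = random.Random(hashlib.sha256(key + serial).digest())
    wires = list(range(WORD_BYTES * 8))
    rng.shuffle(wires)                  # "switch bits": bit i is routed to wires[i]
    table = list(range(256))
    rng.shuffle(table)                  # standard op-code -> encrypted op-code
    masks = [rng.getrandbits(16) for _ in range(BUFFER_WORDS)]
    return wires, table, masks


def cross_wires(word: bytes, wires, reverse: bool = False) -> bytes:
    """Permute the 128 bits of a word; reverse=True undoes the crossing."""
    value, out = int.from_bytes(word, "big"), 0
    for src, dst in enumerate(wires):
        if reverse:
            src, dst = dst, src
        out |= ((value >> src) & 1) << dst
    return out.to_bytes(WORD_BYTES, "big")


def next_dep(prev: int, mask: int) -> int:
    """Hypothetical rule: rotate the previous word's code left, XOR a keyed mask."""
    return (((prev << 1) | (prev >> 15)) & 0xFFFF) ^ mask


def compile_buffer(opcodes, key: bytes, serial: bytes, rng=None):
    """Compiler side: translate op-codes, add dependency and camouflage bytes, cross."""
    if len(opcodes) != OPS_PER_WORD * BUFFER_WORDS:
        raise ValueError("this model compiles exactly one full instruction buffer")
    rng = rng or random.SystemRandom()
    wires, table, masks = expand_key(key, serial)
    words, dep = [], rng.getrandbits(16)
    for index in range(BUFFER_WORDS):
        if index:
            dep = next_dep(dep, masks[index])
        chunk = opcodes[index * OPS_PER_WORD:(index + 1) * OPS_PER_WORD]
        layout = bytes(table[op] for op in chunk) + dep.to_bytes(2, "big")
        layout += bytes(rng.getrandbits(8) for _ in range(5))   # camouflage
        words.append(cross_wires(layout, wires))
    return words


class KeyedCPU:
    def __init__(self, key: bytes, serial: bytes):
        self.wires, table, self.masks = expand_key(key, serial)
        # Programmable decoder: keyed on encrypted op-codes, selects the operation.
        self.decoder = {enc: std for std, enc in enumerate(table)}

    def run(self, words):
        """Reverse the crossing, check the dependency chain, return selected operations."""
        if len(words) != BUFFER_WORDS:
            raise InterdependencyError("buffer must be filled before execution")
        selected, prev = [], None
        for index, word in enumerate(words):
            layout = cross_wires(word, self.wires, reverse=True)
            dep = int.from_bytes(layout[DEP], "big")
            if prev is not None and dep != next_dep(prev, self.masks[index]):
                raise InterdependencyError(f"word {index} breaks the dependency chain")
            selected += [self.decoder[enc] for enc in layout[:OPS_PER_WORD]]
            prev = dep
        return selected


def accepted(cpu: KeyedCPU, words) -> bool:
    try:
        cpu.run(words)
        return True
    except InterdependencyError:
        return False


if __name__ == "__main__":
    program = list(range(100, 136))                 # constructed sample op-codes
    words = compile_buffer(program, b"vendor-key", b"serial-0001")
    cpu = KeyedCPU(b"vendor-key", b"serial-0001")
    print("matching key :", cpu.run(words) == program)
    print("other serial :", accepted(KeyedCPU(b"vendor-key", b"serial-0002"), words))
    print("words swapped:", accepted(cpu, [words[0], words[2], words[1], words[3]]))
```

In this model only the dependency field is checked, so the check binds word order and key but not word contents: a flipped op-code or camouflage bit would pass unnoticed.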

FIG. 3 shows an example of an implementation of the
encryption done by the compiler 41 and FIG. 4 shows the
reverse wire crossing done by the CPU 11. Referring to FIG.
3, the compiler 41 receives information from a program
source at an input circuit 101 and outputs encrypted instruc-
tions to the CPU at an output circuit 103. The output at 103
is encrypted for the particular CPU 11, as identified by a key
provided by the software vendor and a serial number of the
CPU, stored on the CPU 11 at 17 (FIG. 1). The key and the
serial number are expanded at key expansion circuit 111.
The key expansion circuit provides information to an op
code translator 113, an error production circuit 115, a
sequencer scheduler 117 and an instruction buffer model
119. Op codes are provided by software source code from
the input 101 and translated into object code at an op code
compiler 121. The compiled op code is translated by the op
code translator 113 in accordance with the expanded key
from the key expansion circuit 111. The translated op codes
are then provided to the instruction buffer model 119. The
instruction buffer model 119 performs wire crossings of bits
to form encrypted instructions.

The error production circuit 115 inserts errors in an
instruction set stored in the instruction buffer model. Since
the CPU 11 includes an error correction circuit 79, it is
possible to use the errors provided by the error production
circuit to insert errors which are correctable in a predictable
fashion. The error correction circuit 79 is then able to perform
error correction in a predictable fashion in accordance with
error correction data supplied by error correction code
circuit 77. The error production circuit 115 receives its
control information from the key expansion circuit 111 and
therefore the types of errors produced match those which
can be anticipated to be corrected. Moreover, certain classes
of errors can be safely inserted assuming a known error
correction algorithm is being used. The successful
correction of these errors can be presumed, but only if the known
error correction algorithm is used. Therefore, the successful
correction of intentionally inserted errors by the error
correction circuit 79 can be assured.

The instruction buffer therefore provides output
instructions which include translated op codes, the errors, the
sequence scheduling information from the sequence
scheduler 117, and key expansion information. This data is
provided to the output circuit for providing encrypted
compiled instructions along communication line 43.

In FIG. 4, long instruction words are used in the
instruction buffer 51 of FIG. 2 which permit reverse wire crossing
by the CPU 11. Each of the multiple instruction registers
53-57 includes more bits than are used to provide the op
codes provided at instruction decoder 83. As represented in
FIG. 4, the locations of bits within these instruction buffers
is randomized according to the expanded key. The
connections between the individual bits in the multiple buffers
53-57 is therefore random, as represented by the errors in
FIG. 4. There are, however, no hard wire connections from
specific bits in the multiple instruction buffers 53-57 to the

analyzing them. Some bits just separate useful bits so that
adversaries cannot tell which bits should be combined to
compose an op-code. One encrypted op-code may have bits
in more than one 128 bit instruction in the instruction buffer.

Instruction block sizes are larger than a predetermined
minimum size for performing computational functions of the
chip 11. Programs compiled to execute on the CPU 11
are compiled in a manner to utilize block allocations of
instructions according to a key. Since the blocks of
instructions are larger than they need to be, interdependencies
between bits of separate instructions can be provided so that
the CPU may check these dependencies for conformance to
[illegible] CPU 11.

Logic Architecture that Comprehends Physical Implementation
in a CPU

Referring to FIG. 6, a prior art CPU 131 may include
[illegible] memory 133,
read only memory (ROM) 135 and a non-volatile memory
such as E²PROM memory 137. The purpose of the different
types of memory 133-137 may be varied, although RAM
is typically used for program manipulation, while ROM
information 135 is used for fixed data. E²PROM is less
often manipulated because of the time it takes to write to
E²PROM, and is used for program action instructions and
other data which is written to the CPU 131 at one time or
occasional basis.

[illegible]
invention (RAM, E²PROM, PROM, ROM, anti-fuse, fuse,
laser-link) appears in several distributed block sizes in the
physical layout, including for example 1 bit memory
elements which are used in logic in a static way. According to
the invention, there are hundreds of distributed single bit
memory blocks used to comprise an entire memory unit. The

instruction decoder 83; instead, the data from the registers CPU 141 can include a 16 bit block of memory used to 

53-57 are provided to the instruction decoder 83 through the 35 control reconfigurable logic according to the invention and 

multiplexers 63-67 shown in FIG. 2. !^^.^^ ^^'^er n bit arrays, as is normally seen 

Instruction Buffer Interdependencies ^^s. This tactic increases the complexity of the work that 

Since the blocks of instructions are larger than they need ^n adversary must perform. The distribution of memory on 

to be, interdependencies between bits of separate instruc- ^ CPU is such that the various forms of memory are widely 

tions can be provided so that the CPU 11 may check these 40 ^iftnbuted Thus vanous distnbuted segments of the CPU 

dependencies for conformance to criteria shared by the 1^1 are allocated for RAM 143 ROM 145 and E PROM 

compiler 41 and the CPU 11. FIG. 5 shows how interde- 147. This provides several advantages: 

pendencies are checked in the instruction buffer. 1- Multiple applications which use one CPU may have 

FIG. 5 is a block diagram of the instniction buffer 51 and separate memory blocks. This provides more secure 

a check logic system 39 according to the invention. The 45 separation of information than if only one memory 

check logic system 39 provides an instruction interdepen- block were to be used to hold information for multiple 

dency check between data provided from the multiple reg- applications. 

isters 53-57. By combining key bits and serial number bits 2. In order to provide keyed information and instmctions 
with selective outputs from the multiple registers 53-57 it is which are particular to a specific CPU 141, the instnic- 
possible to provide a verification of the authenticity of 50 tions are written at multiple locations. Thus, the modi- 
information being transferred through the instruction buffer fied instructions for performing an operation under one 
51. Different bits stored within the multiple registers 53-57 particular variant of a program may require instructions 
may include instruction op code bits (represented by I), error changes at various stages within the CPU 141. 
correction code instructions (represented by E), sequencer 3. By locating memory used to reconfigure the CPU 141 
reset codes (represented by S), and validate dependency bits 55 at different locations, it becomes more difiBcult to 
(represented by V). In addition, since there are more bits analyze the CPU to determine which specific codes are 
within the multiple registers 53-57 than required for trans- provided to the CPU 141, 

ferring operation instructions, it is possible to provide cam- TTie configuration of the logic architecture is varied 

ouflage bits (represented by C), which make it increasingly according to keys which are used to encrypt the software and 

difficult to resolve the stored bits of information from the 60 to operate the deconvoluting operational logic of the CPU 11 

shift registers to a decoding algorithm. according to the invention. Software compiled according to 

Fetches from external memory are in blocks of b words, the keys is implemented so as to accommodate these 

where b is a number between 2 and 32, usually. Not all of changes. This allows variations in memory block size and 

the fetched bits are used. This causes confusion for adver- layout, as well as variations in pipeline use. Since each CPU 

saries who try to interpret the behavior of the chip from its 65 11 could be provided with a different key, the software 

pins, without observing internal signals. Some of the bits are compiled according to one key would not work with a CPU 

there for camouflage so an adversary may waste time varied according to a different key. 
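As an added illustration (not code from the patent), the Python model below has a compiler scatter op-code (I) and validate-dependency (V) bits over a 128-bit block at key-selected positions, fill the rest with camouflage (C) bits, and a CPU-side check reject a block built for another key or altered in a used bit. The HMAC-SHA-256 key expansion and V-bit function, the bit counts, and every key, serial and op-code value are assumptions constructed for the example.

```python
import hashlib
import hmac
import random
from typing import Optional

BLOCK_BITS = 128            # one wide instruction block (four 32-bit registers)
OP_BITS, N_OPS = 8, 4       # four 8-bit op-codes give 32 "I" bits
V_BITS = 32                 # validate-dependency ("V") bits
USED = N_OPS * OP_BITS + V_BITS   # the other 64 positions are camouflage ("C")


def expand_key(key: bytes, serial: bytes) -> list:
    """Hypothetical key expansion: a key- and serial-dependent ordering of
    the 128 bit positions, standing in for the wire crossing."""
    secret = hashlib.sha256(key + serial).digest()
    return sorted(range(BLOCK_BITS),
                  key=lambda i: hmac.new(secret, bytes([i]), "sha256").digest())


def v_bits(key: bytes, serial: bytes, ops: bytes) -> int:
    """V bits depend on every op-code in the block plus key and serial bits."""
    tag = hmac.new(key, serial + ops, "sha256").digest()
    return int.from_bytes(tag[:V_BITS // 8], "big")


def compile_block(ops: bytes, key: bytes, serial: bytes,
                  rng: random.Random) -> int:
    """Compiler side: place I and V bits at key-selected positions and
    leave random camouflage everywhere else."""
    if len(ops) != N_OPS:
        raise ValueError("expected %d op-codes" % N_OPS)
    wires = expand_key(key, serial)
    payload = (int.from_bytes(ops, "big") << V_BITS) | v_bits(key, serial, ops)
    block = rng.getrandbits(BLOCK_BITS)          # start as all camouflage
    for n, pos in enumerate(wires[:USED]):
        bit = (payload >> n) & 1
        block = (block & ~(1 << pos)) | (bit << pos)
    return block


def execute_block(block: int, key: bytes, serial: bytes) -> Optional[bytes]:
    """CPU side: reverse the wire crossing, then run the check logic.
    Returns the op-codes, or None when the interdependency check fails."""
    wires = expand_key(key, serial)
    payload = 0
    for n, pos in enumerate(wires[:USED]):
        payload |= ((block >> pos) & 1) << n
    ops = (payload >> V_BITS).to_bytes(N_OPS, "big")
    if payload & ((1 << V_BITS) - 1) != v_bits(key, serial, ops):
        return None
    return ops


def demo() -> dict:
    rng = random.Random(2024)                    # fixed seed, constructed input
    ops = bytes([0x21, 0x7C, 0x03, 0xE0])        # constructed op-codes
    key_a, key_b = b"constructed key A", b"constructed key B"
    serial = b"constructed serial 0001"
    block = compile_block(ops, key_a, serial, rng)
    wires = expand_key(key_a, serial)
    return {
        "right_key": execute_block(block, key_a, serial),
        "wrong_key": execute_block(block, key_b, serial),
        # flipping a used bit breaks the dependency between instructions
        "tampered": execute_block(block ^ (1 << wires[0]), key_a, serial),
        # flipping a camouflage bit changes nothing the CPU looks at
        "camouflage_flip": execute_block(block ^ (1 << wires[-1]), key_a, serial),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result.hex() if result else "rejected")
```

Because the positions come from the expanded key, one op-code's bits usually land in more than one 32-bit register of the block, which is the situation the text describes.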
The keys are preferably programmable in non-volatile
memory, such as E²PROM (erasable programmable read-only
memory) cells on the chip. The IC can hold many keys
and they can be erased and re-programmed many times. The
chip manufacturer need not know any of the keys on the
chip. The user has possession of the chip's security
capabilities, and can decide whether to accept or reject
conditions established by software licenses. In other words,
the user can purchase a microprocessor chip with all keys in
a blank state, and then optionally load keys or not load them.
Normally, the user will never need to load a secret key, but
only public keys. The user also has the option of loading
secret keys, instead of using the internal key generation
procedure, described in the next paragraph. There is no
function available to read keys out of the microprocessor
chip after they have been stored in non-volatile memory, but
an authorized user can erase all of the keys. The trustworthiness
of the IC manufacturer is not provable, but it is a goal
of this design to include no hardware on the IC that provides
a back door for the manufacturer to use. Software can be
loaded into the chip to perform secret functions that are not
provided by any special hardware, but no software has the
power to control all of the hardware.

The keys for the IC and the compiler 41 may be chosen
at random and given to the compiler 41 and IC by secure
means. However, the following description is one in which
the IC creates the keys. The keys are generated by an on-chip
random number generator and are kept temporarily in RAM.
A public key for a software vendor is entered into the IC and
the key is encrypted with that public key. This encrypted key
is sent to the software vendor so that a purchased program
can be compiled to produce instructions that will only be
executable by the IC that created the key. The IC uses the
key to produce the custom instruction decoder functions by
programming non-volatile memory cells in the instruction
decoder. The IC then expands the key into an "expanded
key" and stores this expanded key in non-volatile memory
cells around the IC. These bits of the expanded key control
switching circuits, reconfigure logic, and in general, customize
the IC to implement all of the security features
described in more detail in the remainder of this text and
figures.

The keys will be made partly from unalterable ROM, and
partly from PROM which can be programmed. In addition,
E²PROM memory which can be erased and rewritten can
hold some of the key bits. By using more than one memory
technology and more than one memory location to hold key
bits, it makes it more difficult for an adversary to discover all
of the bits of the key.

The inventive arrangement focuses on two levels of
vulnerability for ICs: the pins on the IC package and the
internal signals on the IC inside the package. According to
this aspect of the invention, a microprocessor has its conductors
allocated and its logic reconfigured into a scrambled
arrangement, depending on a key. It can operate on ordinary
data in ways that are so different from other copies of the IC,
so that most adversaries are prevented from learning valuable
information about the keys, about some ROM bits, and
about the instructions. Those adversaries who do learn that
information may often be prevented from profiting by that
information by techniques that further vary the operation of
individual CPUs. Additionally, the data operands and
results, which are not encrypted, have their usefulness
obscured to adversaries. Data encryption can also be used as
a higher layer of protection.

This aspect of the invention uses a microprocessor that is
being scrambled to process standard data. The architecture is
designed with the physical layout in mind, but it does not
depend on that level of detail. This architecture brings
together the need of the end user with the planning of a
microprocessor architecture, so that implementors have the
framework of security upon which they can specify detailed
implementations which comprehend past security attacks.

Instruction Result Obfuscation

It is possible for the CPU 11 to have its logic gates
configured to perform variable logic instructions. The logic
gates may be reconfigured according to a key. Even though
the instructions may be coded to obscure their meanings, the
instructions still specify ordinary operations such as AND,
OR, ADD and COMPARE. So to make these operations
more difficult for an adversary to recognize, measures will
be taken. The logic gates which calculate the result of each
basic operation will be variably allocated from several
possible sets of logic gates. Also, the result of the basic
operation will be made more obscure than is normally done.
The operands that are used as inputs to the logic for the basic
operations can be in two different formats, so an adversary
has a difficult time understanding what is going on. This is
a tactic called plausible wrong answers. In this plan, two
correct operands and two plausible wrong operands are sent
to ADD circuits. Two answers are calculated, a correct
answer and a plausible wrong answer. These two results are
then sent to separate other circuits for further buffering or
manipulations. This bifurcation, when combined with large
data output block size, introduces some uncertainty into the
analysis done by adversaries. Plausible wrong answers may
be included in data output blocks, but would not be used by
external devices which are compliant with this scheme.

Referring to FIG. 8, there is shown a diagram of CPU 11
comprising various ROM bits 141 including serial number
information 143, and reconfigurable logic 145. Distributing
the ROM bits 141 about the integrated circuit CPU 11
has the advantage that different controls for the CPU logic
can be located at different locations. Thus, if a portion of the
logic is reconfigurable, then the actual function of that logic
can be more readily controlled by the ROM. In addition, it
is possible to mix depletion mode and enhancement mode
bits in ROM 141, so that a visual analysis of the CPU 11
does not reduce to a clear analysis of the status of various
logic gates and bits.

FIG. 9 shows the logical operation of obfuscation of logic
executed by the CPU and illustrates how instruction results
are obfuscated. By the use of reconfigurable logic gates as
described in connection with FIGS. 1-2, one is able to
provide a combination of correct and incorrect answers for
each logical operation. Thus, if an operation is defined as
using operands A & B, multiple operands can be provided,
thus resulting in correct answers, as well as incorrect
answers. The purpose of this invention is to make it more
difficult for an adversary to gain valuable information by
observing signals on ICs. Since instructions are never
decrypted into ordinary codes, this is an advancement over
earlier chips that have adversaries.

The issue arises about recognizing instructions by the
actions taken by the ALU pipeline in response to the
nonstandard instructions and data formats. For example,
there may be an instruction called AND which takes two
operands and calculates the bit wise ANDing result. So
someone may expect it to be easy to recognize the instruction
by its result. Therefore a technique proposed in this
invention is to design logic which is difficult to interpret. In
this example, the logic dedicated to the AND function would
be configurable into a variety of forms depending on the key,
so two different chips would usually have different logic
gates allocated to perform the function. Also, a variety of 
result storage gates would be available to be allocated to 
hold the result of the ANDing of the operands, and the key 
would determine which gates are the ones which are used on 
a particular IC with a particular key. 

This variability of logic gate allocation for instruction 
execution and result storage will make it more difficult for 
an adversary to understand the operations which take place. 
False result gates will be allocated to hold wrong results 
after the instruction is executed to baffle adversaries. 

The two data operands can have different data formats 
(different numerical representations) and the ADD logic 
gates will take these differences into account to produce a 
correct answer. Similar techniques for SUB, MULT, etc. 
(standard instructions) will provide variable allocations of 
logic gates for different ICs depending on the key. This 
multiplicity of key-dependent logic implementations for 
standard logic and arithmetic operations will increase the die 
size but even more, it will increase the difficulties for 
adversaries to profit from signal observations. 

The CPU 11 is provided in which its logic design is 
variable, and when a program is provided for use in the 
particular computer, the program is compiled in accordance 
with the architecture supplied by the microprocessor. Therefore
the microprocessor has a variable instruction set, at least 
with respect to which functions are generated by which 
program sequences in object code. 

The variability is established by and is supplied to the 
CPU 11 in memory stores established by E²PROM, ROM 
and RAM memory on the CPU 11. Thus, when a program is 
provided for use in the particular computer, the program is 
compiled in accordance with the architecture supplied by the 
CPU 11 as determined by the key. Therefore, the CPU 11 has 
a variable instruction set, at least with respect to which 
functions are generated by which program sequences in 
object code. The architecture of a particular chip may be 
established during the logic design of the chip, thereby 
defining the architecture for each CPU chip independently. 
ROM Implementation 

The ROM will hold a serial number, key fragments, 
customized switch bits, and ordinary microcode. Key frag- 
ments are about 8 bits of ROM that are appended to the rest 
of the key that is stored in programmable memory. Custom 
switch bits are ROM cells which control inputs to multi- 
plexers and logic gates so that signal routing for logic gate 
allocation will be partially controlled by these bits. Micro- 
code is commonly used on ordinary microprocessors for 
general purposes. 

Wafer masking techniques usually use "reticles" which 
can have one or several IC images on each reticle; 4 to 16 
ICs per reticle are common. This means that 16 ROM 
versions can be defined for each silicon wafer. All wafers 
from a fabrication run will have the same reticles. The 16 
ROM versions can have 16 key fragments present, each 8 
bits in size. These key fragments would be on the lowest 
planar level on the physical IC. 

The key will not be limited to the lowest layers of the IC 
structure, as some of the ROM bits should be. Some low 
level ROM bits will control the allocation of some logic 
gates. The values of these secret ROM bits are directly 
mapped to the ROM serial number which is partially made 
public. So not every chip made according to the invention is 
the same, even disregarding the keys stored in E²PROM 
cells. If there are 16 versions on a wafer, then many wafers 
will share the same 16 ROM codes. ROM bits may be in 
arrays or in a single bit configuration so that they are 
scattered around the die to customize logic in ways that are 
revealed by the serial number. In this way there appears to 
be 16 different IC designs due to the reticle design mentioned
earlier. FIG. 8 illustrates where the ROM sections 
may be placed on the IC. 

Preferably depletion implant ROM processing will be 
used because this is known to be difficult to observe visually. 
A depletion device usually is an n-channel MOS transistor 
that has a negative threshold voltage. The purpose is to use 
two non-volatile memory technologies to store information 
which reallocates logic gates to form the CPU. By using 
depletion ROM as one of those technologies, some signals 
can remain only on the lowest planar conductor layers of the 
IC structure. This makes it more difficult for some adver- 
saries to measure the states of the logic. 

The invention makes use of reconfigurable logic perva- 
sively. This reallocation of logic gates under control of the 
key bits and ROM bits is largely what makes this idea 
valuable. This makes it difficult for adversaries to profit from 
signal measurements. 
Serial Number Utilization 

Serial numbers are sometimes sent in public view, and 
keys are normally secret. Each chip will have a unique serial 
number which is partly stored in ROM and partly stored in 
E²PROM. The serial number is sent to the compiler 41 so 
that the ROM hardware customization bits will be specified. 
For example, if 16 ROM versions are produced, as previ- 
ously described, then there will be 16 ways in which logic 
hardware will be allocated under control of the ROM codes. 
The serial numbers stored in ROM will also have 16 values 
coded in as little as 4 bits. This is one reason for having a 
serial number. 

A second reason for having a serial number is to uniquely 
identify an IC without using cryptography. 

A third way to use a serial number is to encrypt it using 
a public key and then sending it to the owner of the public 
key to be interpreted. 

Optionally, this invention uses a new technique called the 
"partial serial number strategy." This strategy is to never 
show the whole serial number in public, but to only show 
part of it. The serial number may have 128 bits, for example. 
Which part of the serial number is shown is under control of 
some key bits. By using only a part of the serial number, 
hundreds of partial serial numbers can be derived from only 
16 ROM serial numbers, without even using the programmable
E²PROM sections of the serial numbers. The compiler
owner has secured copies of the 16 whole serial 
numbers so the compiler owner can compare partial serial 
numbers with sections of whole serial numbers. When a 
match is found, the compiler owner knows which serial 
number the partial serial number came from. The serial 
number is needed for the compiler 41 to produce software 
which comprehends the state of the IC logic. Some parts of 
the ROM are not serial numbers but they are secret bits 
which allocate some logic gates. How these gates are 
allocated is under control of only the ROM, and these gates 
should only occupy the lowest layers of the IC structure. 

The "partial serial number strategy" is intended to 
increase the complexity of the task facing adversaries who 
only observe information that is intentionally sent from a 
CPU chip. By using only a partial section of the serial 
number for each IC, hundreds of different CPU chips will 
send unique serial numbers based on only 16 ROM versions. 
Other sections of the serial numbers only will come from 
E²PROM cells, and so, they are unique to each IC. One 
example of how the key may select parts of the ROM serial 
number is to report the serial number after ignoring the first 
m bits of it, where m is a function of the key. Other ways 
may skip odd bits in the serial number and report only even 
bits, where that choice is determined as a function of the key 
(for example a cryptographic hash of the key). 

Adversaries may record and replay serial number frag- 
ments which are not valid for their CPU ROM and key 
combination. If they are sent software, then it is likely that 
it would not be usable on their CPU chip. 
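
The following added Python sketch (an illustration, not part of the patent) models the partial serial number strategy from both sides: a chip that reports only a key-selected part of its 128-bit ROM serial, and a compiler owner who matches that part against sections of the 16 whole serials. The use of SHA-256 as the "function of the key", the range 0 to 63 for m, and the 16 serial values themselves are assumptions constructed for the example.

```python
import hashlib

SERIAL_BITS = 128
MAX_SKIP = 64        # assumed range for m, the number of leading bits ignored


def rom_serial(version: int) -> str:
    """Constructed 128-bit ROM serial (as a bit string) for one reticle version."""
    digest = hashlib.sha256(b"constructed ROM serial %d" % version).digest()
    return "".join(format(b, "08b") for b in digest[:SERIAL_BITS // 8])


ROM_SERIALS = [rom_serial(v) for v in range(16)]   # held by the compiler owner


def selection(key: bytes) -> tuple:
    """Key bits decide what is shown: skip the first m bits, and optionally
    report only every second bit of what remains."""
    h = hashlib.sha256(key).digest()
    return h[0] % MAX_SKIP, bool(h[1] & 1)


def view(serial: str, m: int, even_only: bool) -> str:
    shown = serial[m:]
    return shown[::2] if even_only else shown


def partial_serial(serial: str, key: bytes) -> str:
    """Chip side: the only serial information that leaves the chip."""
    m, even_only = selection(key)
    return view(serial, m, even_only)


def identify(partial: str, serials=ROM_SERIALS) -> list:
    """Compiler-owner side: compare the partial serial with sections of each
    whole serial. Returns every (version, m, even_only) that matches, so the
    caller can tell a unique match from no match or an ambiguous one."""
    hits = []
    for version, whole in enumerate(serials):
        for m in range(MAX_SKIP):
            for even_only in (False, True):
                if view(whole, m, even_only) == partial:
                    hits.append((version, m, even_only))
    return hits


def count_distinct_partials(serials=ROM_SERIALS) -> int:
    """How many different public serials 16 ROM versions can produce."""
    return len({view(s, m, e) for s in serials
                for m in range(MAX_SKIP) for e in (False, True)})


if __name__ == "__main__":
    key = b"constructed chip key"
    shown = partial_serial(ROM_SERIALS[5], key)
    print("chip reports", len(shown), "bits ->", identify(shown))
    print("distinct partial serials:", count_distinct_partials())
```

A fragment recorded from a chip with a different ROM version still identifies that other version, so software compiled in response targets the wrong logic allocation, which is the replay outcome described above.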
Networked Interactions 

The invention can be programmed to require a handshake 
with a server to allow continued operation, or it can be put 
in stand-alone mode. The key can be changed remotely and 
new data formats and new software may be needed to 
continue operating. Physical protection of the key is easier 
than physical protection of programs, but if a key is discov- 
ered by an adversary, networked handshaking can make that 
captured key useless. Various plans can be created to dis- 
cover the existence of captured keys, and to deal with pirates 
in subtle ways, without their knowing they have been 
detected. While an old key can be programmed into the 
inventive IC to use an old program with old data, new 
programs and data formats for new keys will not be useful 
to pirates with old keys. 

FIG. 10 is a diagram of CPU 11 showing 
the use of satellite access flags distributed at various physi- 
cal locations on the CPU 11 according to the invention. By 
placing various flags at different locations on the CPU, it is 
possible to provide a control function which is varied in 
accordance with the specific flag at that point. 
Satellite Access Flags Made Complicated 

Microprocessors and microcontrollers which are designed 
using the architectural features in this description may be 
used for satellite TV access electronics, smart cards, per- 
sonal computers, workstations, and embedded secure appli- 
ances for many purposes. Satellite TV access controllers 
(set-top boxes) may especially benefit from this architecture. 

According to the invention, security features have differ- 
ent layers of implementation. One layer allows each of 
multiple users to have the same security policy features. This 
permits a program to be distributed to multiple users 
without creating customized variations of the programs for 
individual users. Thus, if, for example, a satellite broadcast 
were used to service large numbers of customers, that 
satellite broadcast could include a program which is func- 
tional on the computers owned by a large number of 
customers, without customizing the program for each indi- 
vidual user. A second layer of protection customizes the 
hardware logic and memory allocation, as described 
previously, so that commonly distributed programs would be 
produced in unique ways using common hardware. 

FIG. 10 is a diagram of CPU 11 showing the use of 
distributed access flags distributed at various physical loca- 
tions on the CPU 11 according to the invention. By placing 
various flags at different distributed locations on the CPU, a 
control function is varied in accordance with the specific flag 
used by the control function. 

Protection schemes for set-top boxes have a history of 
being more easily broken than other types of cryptographic 
circuits. This is because the satellites must broadcast the 
same cryptographic keys to many set-top boxes simulta- 
neously. Also, for fixed instruction set processors, it is easy 
to observe how the satellite key is used. The satellite key is 
stored in known locations on the chip and access approval 
flags are located in fixed locations. The inventive CPU 11 
will reduce these vulnerabilities. The storage for satellite 
keys would be scattered in many locations on the chip with 
extra storage available to disguise the satellite key. The 
location of the satellite key would be different for each key 
and serial number, so a pirate has a more difficult task to 
observe a satellite key and to sell the satellite key. 

After an authorized set-top box has completed cryptographic
calculations to enable reception of the TV 
programming, an "access flag" may be set to the enabled 
state. The access approval flag has also been an easy target 
for pirates: one flag bit can be set with a light beam to give 
the same access that a cryptographic calculation would have 
provided. With the keyed allocation of hardware logic and 
memory which this invention provides, and a large number 
of flag circuits available, arrangements can be made to use 
varying flag bit locations of both polarities, ones and zeros. 
Then, some simple pirate flag setting techniques would 
become obsolete. FIG. 10 shows how multiple access flags 
may be placed on the IC. 

In the case of multiple access flags, the multiple access 
flags are scattered around the chip in different locations. The 
access flags are also given different polarities so that some 
of the bits will be 0's and some of the bits will be 1's to allow 
access. The precise arrangement of which bits are enabled 
with 1 and which with a 0 is determined by program 
instructions, including the variable instructions that are 
being executed. As a result, each chip is different in the way 
it is operated. Even though the physical layout of the chip is 
the same, as a result of the variable keys and access flags, the 
actual bit states (1's and 0's) being represented at given 
portions of the chip will be different for each chip when it 
is in operation. 
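
The added Python model below (an illustration, not part of the patent) compares the single fixed access flag criticized above with a set of scattered flags of both polarities, and counts how many forced-bit states open access from the locked state. The pool of 64 flag circuits, the 8 circuits consulted, the SHA-256 derivation of their locations from key and serial, and the key and serial values are assumptions made for the example.

```python
import hashlib

POOL = 64   # flag circuits scattered over the die (assumed count)
USED = 8    # circuits this key actually consults (assumed count)


def flag_plan(key: bytes, serial: bytes) -> dict:
    """Hypothetical allocation: which cells are real access flags and which
    polarity means 'enabled' for each (half enable on 1, half on 0)."""
    seed = hashlib.sha256(b"access-flags" + key + serial).digest()
    order = sorted(range(POOL),
                   key=lambda i: hashlib.sha256(seed + bytes([i])).digest())
    return {cell: n & 1 for n, cell in enumerate(order[:USED])}


def locked_cells(plan: dict) -> list:
    """Power-on state: every real flag holds the opposite of its enabling
    polarity; the unused cells are decoys (left at 0 here)."""
    cells = [0] * POOL
    for cell, polarity in plan.items():
        cells[cell] = polarity ^ 1
    return cells


def enable(cells: list, plan: dict) -> list:
    """What the chip does after the cryptographic calculation succeeds."""
    out = list(cells)
    for cell, polarity in plan.items():
        out[cell] = polarity
    return out


def access_granted(cells: list, plan: dict) -> bool:
    return all(cells[cell] == polarity for cell, polarity in plan.items())


def forced_state_bypasses(plan: dict) -> int:
    """Count forced states that open access without the calculation: any
    single cell stuck at 0 or 1, plus the whole pool stuck at 0 or at 1."""
    locked = locked_cells(plan)
    trials = [[value] * POOL for value in (0, 1)]
    for cell in range(POOL):
        for value in (0, 1):
            forced = list(locked)
            forced[cell] = value
            trials.append(forced)
    return sum(access_granted(t, plan) for t in trials)


def legacy_bypasses() -> int:
    """Baseline from the text: one flag at a fixed location, 1 = enabled."""
    plan = {0: 1}
    return sum(access_granted([value], plan) for value in (0, 1))


if __name__ == "__main__":
    plan = flag_plan(b"constructed key A", b"constructed serial 1")
    print("flag cells and polarities:", dict(sorted(plan.items())))
    print("bypasses, scattered flags:", forced_state_bypasses(plan))
    print("bypasses, single fixed flag:", legacy_bypasses())
```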

This scattering of key bits and access flags is useful in 
preventing adversaries from either understanding or duplicating
the results of program code execution. Therefore, 
even though the software source code itself may be one 
program, the hardware on the IC which uses this common 
program would be allocated differently under control of 
some key bits. To do this, keys are expanded into a set of 
expanded key bits, as previously described. Some of these 
expanded key bits control instruction decoder operations and 
some do not. For satellite TV applications in which common 
software is distributed to many inventive ICs, the expanded 
keys would provide a common instruction decoding logic 
while providing an uncommon memory and logic allocation. 
Thus, the key has two separate functions which must be 
coded into the key when it is produced. 
Instructions Versus Data 

Data and instructions are two different categories of 
information and this invention is designed to use encrypted 
instructions regardless of the data format. It is emphasized 
that instruction encryption is the primary purpose of this 
invention, a second purpose is to scramble on-chip logic, 
memory, and signal allocations, and that data is either 
unprotected, or given some small protection which does not 
involve data encryption. This invention is not about data that 
is being scrambled by a standard microprocessor, it is about 
a microprocessor that is being scrambled to process standard 
data. 

On the chip, there will be RAM for data and RAM for 
instructions. Some of the bits in those memories will be 
there to obfuscate the code, thereby confusing attackers. For 
example, if two numbers are added, the two operands can 
have extra bits that are not used. The result of addition in the 
arithmetic logical unit (ALU) can have extra bits of erroneous
information that are stored into the data RAM. This 
randomizes results within the processor so the attacker may 
not be able to deduce whether addition occurred, or if the 
operation was subtraction, or EX-OR or other possibilities. 
In addition, the data memory mapping would become different
for different chips. 
There is an option to use a standard instruction set for an
ordinary computer language with non-standard data representations.
This provides an ability to perform mixed
operation, in which standard op-codes are combined with
variable data representations. Therefore there are four ways
to operate: first, with standard instructions and standard data
formats; second, with encrypted instructions and standard
data formats; third, with standard instructions and non-standard
data numeric representations; and fourth, with
encrypted instructions and non-standard data numeric representations.

Dynamically Varying Data Representation

According to a further aspect of the invention, dynamically
varying representation is used for data processed in a
CPU. The dynamically varying representation is still usable
in arithmetic and logical operations without being
decrypted. There are many ways to represent numbers, and
the inventive CPU hardware design will have apparatus to
operate on these multifarious representations, in coordination
with the compiler 41. The compiler 41 creates a
schedule for varying the numeric data representations, and
the chip follows this schedule to use the data correctly.
Examples of the proposed numeric representations are:

1. Data represented in Residue Number Systems can use
the Chinese Remainder Theorem to provide calculations
which some adversaries will find difficult to
understand. For example, a number can be broken
down into three parts under three secret moduli. The
key would hold information on the three moduli, without
which, the number cannot be easily re-assembled.

2. Radix conversions

3. Redundant Number Systems

When results are written to external memory, they are
written in blocks of w bytes, where w is from 1 to 32 usually.
Not all of the results in this block are correct or useful
results. Some results are correct results for a wrong operation
to give an adversary the appearance of a behavior which
is not the behavior which is used in the program. This will
increase the difficulty of the task of an adversary who seeks
to understand relationships between instructions, operands,
and results. For example, if two input data operands are
added, the data output block can contain both the sum and
the difference so an adversary may not know what instruction
was used to produce the answer. The key would
determine the location of the correct answer. The destination

pipeline, hardware can check different bits in several instructions
to verify the validity.

The Decode Stage of the pipeline usually allows instruction
folding, but this can be changed to allow instruction
buffer dependency checking, to compose error correcting
codes from the key and instructions, and to re-arrange bit
substrings in the wide instructions to make decoding more
efficient and to display camouflaging behaviour to any
unauthorized observers. Errors in the instructions will be
corrected at this stage. In addition, it is possible to include
camouflaged bits in the instructions. The camouflaged bits
[illegible] either be stripped, or checked by separate circuitry
in order to determine the existence of the camouflaged bits.

The Register stage of the pipeline will be involved with
using variable numeric representations. Type checking of
data will be important to using the correct arithmetic operations
for the operands involved. This stage will also perform error
correction on data.

The Execute stage of the pipeline may involve Object
Field manipulation. Object Fields can have data that is
scrambled before they are presented to the CPU chip. During
the Execute stage, data can be unscrambled before being
operated upon arithmetically. This makes the data less
usable outside of the setting of the inventive CPU.

The Cache stage of the pipeline writes audit information
to a security cache which is not normally visible to unauthorized
users. Also, there is one extra register that is visible
to users, and which can have various uses, such as a
watchdog timer, which the program is required to write
during the cache stage. At the security cache, any discrepancies
which may have occurred earlier are noted, an audit
may be performed, and flag bits set. At this point, it is not
necessary to notify the user because the user may or may not
be an authorized user of the software.

The Writeback stage of the pipeline may initiate a server
handshake. At that point, information regarding security
flags may be transmitted back to the server.

In the inventive CPU, instruction op codes are provided in
such a pipeline architecture, and an information key is
established. The information key provides instruction security
commands in the multiple steps of the pipeline
architecture, and an arithmetic logic unit (ALU, part of the
logic 13 shown in FIG. 1) provides variability of logic
circuitry for program execution. The execution can be
performed using encrypted op codes or using standard op

for the output data block would need to have some coordi- codes that provide standard instruction operation types, 

nation to determine which parts of the output data block are Compiler Interactions 

correct. The compiler 41 will be designed to comprehend all 

Pipelined Architectural Implementation aspects of the CPU 11 implementation of the architecture 

Some microprocessors use pipelining of the arithmetic 50 described for this invention. The key that is shared with the 

logical unit (ALU) to obtain better performance. In this compiler 41 and the CPU 11 determines operating charac- 

example, which uses a pipeline with 6 stages, it will be teristics of the program counter, sequencer, wire crossings 

demonstrated how to implement some of the features of this for the instruction buffer, interdependencies in the instnic- 

invention into a pipelined architecture, tion buffer, error correcting plans, data representations, 

Each stage of the pipeline will contribute to the tech- 55 instruction encryption, output block size, memory 

niques which make the inventive CPU useful. The 6 stages allocation, secure memory partitioning, and all other details 

are labelled: fetch, decode, register, execute, cache, write- needed to use functions on the CPU 11. 

back. Also, the Instruction Cache has a line size of 128 bits, There is more than one way to implement the invention, 

which is the same as the instruction size of the preferred so more than one compfler type may be needed. In particular, 

embodiment. 60 the key can have two section: one for controlhng instruction 

In the Fetch stage of the pipeline, the instruction buffer encryption and execution, and another for controlling unre- 
holds four entries and the compiler 41 can use this buffer lated hardware reconfigurability. In other words, the corn- 
arrangement to provide interdependencies between instruc- piler 41 must be able to use a key so that a single encrypted 
tions in groups of four to increase the complexity for any instruction stream is available to many ICs which have 
attacks that may be attempted. Bits of instructions in the 65 different physical memory allocations, different result obfus- 
instruction buffer are set to cross-check each other in a cation circuit allocations, and various other reconfigurable 
manner similar to parity checking. At this stage of the logic resources which do not interfere with the execution of 
a common encrypted instruction program used on many ICs. Then the invention would be able to thwart power analysis techniques that seek to discover the key. Each time a smart card cryptographic key is used in a transaction, logic could be re-allocated so that power use would change.

Key Management

Key distribution could be handled securely by a variety of means. In a preferred embodiment, each chip has a public serial number. A second number, the key, could be provided by a Random Number Generator (RNG) on the CPU 11. The RNG may use the principles described in U.S. Pat. No. 4,694,412 "Random Number Generator for Use in an Authenticated Read-Only Memory" to Alan Folmsbee. This RNG uses several oscillators with capacitive feedback from the random number to alter their frequencies. This RNG also has small local heaters that turn on and off at irregular intervals to provide unique thermal histories for each session of key generation. Thermal noise and radioactive decay also provide randomness. A key is generated by this RNG and it is stored in non-volatile memory. The RNG may also create more serial number bits to be stored in programmable memory. In this way a user can customize the serial number, for added flexibility.

The public key of the software company is loaded into the microprocessor chip as used in this invention. The key is encrypted with that public key. The encrypted key and the serial number are sent to the software company. The software company decrypts the encrypted key with its private key and examines it to determine if it has acceptable statistical properties. If it passes those tests, the software company uses that key to encrypt the purchased software with the algorithm that the invention requires. The software company sends the encrypted software to the customer. That software will only be executable on one microprocessor chip; that is, the one that generated the random key.

The CPU 11 can have a large number of keys stored in E²PROM cells so that software may be executed. The software may therefore execute instructions from many sources using different keys. Each key is comprised of multiple bits which alter the instruction decoders, obfuscation circuits, and the arithmetic logic unit (ALU). The software is not decrypted before execution, but selected software bits will be routed by "keyed wiring" to supply the correct instruction, data, and address bits to the correct circuit blocks.

There would be a facility for the software to alter its own key under certain circumstances. For example, the software license may require monthly payments to be made. If the payments are not made, the software can alter the internal key. To accomplish this, a permission code may be required to be downloaded from the Internet before the program is run a predetermined number of times. The chip sends an audit code to the software company and then the permission code is sent from the software company which is a customized number for each microprocessor chip for one program. The intent is that the customized number permits the software to be used by one user. The chip may give warnings about impending key modification, so the user has plenty of time to get the permission code. While the program is running, a real-time-clock emulation program can keep clock time so that it can tell when a time period has expired since the program was started. That is in addition to the limit of times the program can run without a new permission code. A clock frequency detection circuit can detect whether the clock is stopped or slowed too much.

Another circumstance may cause the software to erase its own key; that is if the chip is being tampered with. The microprocessor chip as used in this invention can have light detectors or e-beam detectors that set off the alarm. It could detect the presence of probe capacitances, broken metal lines, and irregularities in bond-pad inductances. A silent alarm might cause a prompt to appear, for the user to send another code to the software manufacturer in the manner used for monthly billing audits. In essence, it is a silent alarm. The software company can then respond with something other than the usual permission code.

Key bits and access flags may be placed in certain locations on a semiconductor die. A memory array of E²PROM cells are used to hold the key bit. Numerous small arrays of E²PROM cells are scattered around the chip at different locations. These bits are then used to store keys which will be on different physical locations on the die. Since the key bits are not always the same, each processor would be different. This means that the processor uses a variable instruction set, and different hardware on each individual chip will be activated upon execution of the instructions. If address mapping is scrambled in a variable way, each chip executing this same logarithm will be activated in a different way as a result of the hardware on the chip being activated in a different way. Protecting a key is easier than protecting larger information sets.

There are two common situations which deserve some explanation:

1. The chip is in an embedded environment in which all instructions are under one key, such as a smart card or set-top box for satellite TV. A tiny Card Operating System in this case would be coded for the key and would be held on the chip.

2. The chip is in an open system such as a PC or workstation where an Operating System (OS) is not using a key.

The first situation is the easiest to deal with. This will be where the CPU 11 is dedicated to one embedded situation where it uses one key for a long time. It can have its key changed by re-programming E²PROM cells. Then it uses the new key for a long time.

The second situation can use a null key (all zeros) where the OS uses ordinary op-codes for its work, and then the secret key bits are used for the variable instruction set for non-OS tasks. On-chip memory is partitioned so there is a section which the OS cannot access because it is only used for programs running under the key. When implemented for this scenario, the E²PROM cells holding the key bits are implemented as Non-Volatile RAM cells (NVRAM) where a default key bit is stored in the E²PROM cell section of the NVRAM cell, and a variable key bit may be written into the RAM section of the NVRAM cell. This RAM section may be all zeros, so it uses standard op-codes such as Java byte codes, or it can be a volatile key so that the chip will use non-standard instructions from a coded OS.

There can be two programs interleaved (or more than two if the added expense of IC real estate is provided to allow several keys to be ready for use at any time). One program can use the default key in the NVRAM cells and then, with little delay, the key bit value in the RAM part of the NVRAM cells can become the controlling key bits.

When one key is in effect, the logic gates are allocated to form a microprocessor under that key's command. When another key is put in effect, the instruction decoder is re-programmed to respond to the other instruction set. For this purpose, where switching instruction sets occurs frequently, the instruction decoder should be controlled by volatile RAM cells so that the endurance is not limited by E²PROM cell endurance.
One configuration which may be useful in that scenario is the null-key configuration, with which standard op-codes are used for standard OS or other purposes. No security is lost when switching to a null-key because the on-chip memory is partitioned to prevent the OS from reading memory locations that are provided exclusively for the secret key. The coded software under the key is not usable by the OS, so that does not need to be protected. Off chip memory is not protected, and the program must be written to recognize this fact.

When the switch is made from one key to another key, the state of the processor is saved to secure on chip memory locations so that the state can be restored when the first key again comes into effect.

The CPU 11 uses the programmable instruction decoder to decode encrypted instruction op codes. The decoding is accomplished without decrypting the op codes and logic gates immediately process data. The data representation changes during the execution, which has the effect of securing the program from analysis for decryption.

A custom instruction set is provided for each CPU chip 11 or groups of CPU chips. That custom instruction set would be used by the software manufacturer to send a unique version of a mass produced program to a customer with a microprocessor chip. The CPU is therefore programmed for that custom instruction set. The length of each instruction, and the other features of this invention should be configured to have cryptographically significant security when viewed from the IC pins. Pirates who examine signals inside the IC will be deterred from success by the encryption techniques. A secret key is used by the IC and by the compiler 41 so that the instructions produced by the compiler 41 are only executable by an IC which has the same key. The key is stored on the IC in non-volatile memory and it controls the instruction decoder, reconfigurable logic, signal routing, error corrections to instructions, a sequencer circuit, and instruction buffer content interdependency checking. The key also determines the program counter operations which would not be incremented in the usual manner. The key also controls instruction result obfuscation circuits so that common microprocessor results, such as the ANDing of two operands, are not easily recognized. The key controls memory mapping in the IC so that physically fixed memory resources are allocated in different ways for ICs with different keys.

Optionally, data may be used in various numeric representations which do not constitute encryption. These data representations would be of varieties which can be immediately evaluated by logic circuits. The data resulting from program execution would be output from the IC in blocks which are larger than usual block sizes so that adversaries would have more difficulty in benefitting from knowledge of the data results. Data coding is of secondary importance in this invention, while instruction coding is of primary importance. The varying data numeric representations are not expected to provide much security from highly skilled experts, but they are expected to prevent unskilled adversaries from understanding the data. This technique raises a barrier against some adversaries, without using data encryption. The compiler 41 will be notified, by means of the key distribution information, of the variable data numeric representations so that it will compile instructions and data which conform to the data representations which the IC is prepared to handle.

The way instructions are executed, an adversary attempting to pirate the software will have difficulty understanding the results of instruction execution needed to reconstruct the algorithm that the program implements. It is a goal of this design to anticipate what pirates will try, and to provide measures which will thwart those expected tactics. The microprocessor chip as used in this invention will have instructions, data, and addresses, as most computers do. The RAM for instructions will also have bits in each instruction that cause confusion for attackers, but which are ignored by the instruction decoder.

In the past, secured embedded microcontrollers have usually used standard microprocessor architectures and have attached security enhancing hardware around this core. In the inventive configuration, the architecture is designed with physical security in mind so that security hardware features are deeply embedded in the architecture, instead of around the periphery of the architecture.

One example of this plan is the way memory is used. Each memory type used on the invention (RAM, E²PROM, PROM, ROM, anti-fuse, fuse, laser-link) appears in several block sizes in the physical layout. There is 1 bit memory which is used in logic in a static way. There should be hundreds of single bit memory blocks. There can be a 16 bit block of memory that is used to control reconfigurable logic. There can be larger n bit arrays, as is normally seen on ICs. This tactic increases the complexity of the work that an adversary may attempt.

The execution of encrypted software is accomplished by modifying instruction sets in a CPU, thereby obviating the necessity for decrypting encrypted software external of the CPU. As a result, there is no decrypted output of the software external of the CPU. By sufficiently protecting the CPU from analysis during its operation, an attacker is denied access to a decrypted form of the software and is further denied access to information with which to decrypt the software.

A physical design for the CPU 11 can be done with multiple layers of metal and with diffused conductors, so that e-beam analysis is more difficult. Conductors used in executing the encrypted code would be formed in this manner. As is well known to people who practice the art of IC voltage-contrast imaging, it is usually necessary to have a stockpile of many ICs to etch back, cut apart, and to probe so that ICs that are destroyed can be thrown away and be replaced by an identical IC. If each IC has uniquely programmed instruction sets, uniquely programmed address decoders, and uniquely programmed obfuscator circuits, then the pirate only gets one chance with one IC. If the pirate destroys one IC, she cannot get an identical IC to continue her work. She would have to start over again. Multiple layers of metal can be used to cover up lower levels of metal. In addition, p or n type silicon diffused conductors can be used to hide signals below higher levels of interconnect.

It is further possible to implement the invention with a coprocessor in a system with an ordinary CPU. The output of the inventive CPU is then provided to the user's computer. In one variation of the invention, the inventive CPU would be provided with multiple keys, including a fixed key, and keys which are changed at different periodic rates, such as yearly, monthly and at lesser time periods. While providing individual keys for individual CPUs, the ability of an adversary attempting to decrypt the software is limited to the ability to use that particular program on the particular CPU, without an ability to use the encrypted program on a different CPU.

It should be understood that various modifications within the scope of the invention can be made by one of ordinary skill in the art without departing from the spirit thereof, therefore it is intended that the invention be defined by the scope of the appended claims as broadly as the prior art will permit, and in view of the specification if need be.
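
The residue-number-system representation and the sum/difference output block described under "Dynamically Varying Data Representation" can be made concrete as follows. This is an added example, not code from the patent; the moduli, the slot key and the two-word block layout are constructed assumptions.

```python
"""Added illustration, not code from the patent: data held in a residue number
system (RNS) under three secret moduli, plus a keyed sum/difference output block.
The moduli, slot key and two-word block layout are constructed assumptions."""
from math import gcd, prod

SECRET_MODULI = (251, 241, 239)  # constructed key material: pairwise-coprime moduli
SLOT_KEY = 1                     # constructed key bit: index of the genuine result word


def modulus_range(moduli):
    """Return M, the product of the moduli; reject sets that are not pairwise coprime."""
    for i, a in enumerate(moduli):
        for b in moduli[i + 1:]:
            if gcd(a, b) != 1:
                raise ValueError(f"moduli {a} and {b} share a factor, CRT result is ambiguous")
    return prod(moduli)


def to_rns(value, moduli=SECRET_MODULI):
    """Break a number into one residue per secret modulus."""
    big_m = modulus_range(moduli)
    if not 0 <= value < big_m:
        raise ValueError(f"value must lie in [0, {big_m}) to be recoverable")
    return tuple(value % m for m in moduli)


def from_rns(residues, moduli=SECRET_MODULI):
    """Re-assemble the number with the Chinese Remainder Theorem."""
    big_m = modulus_range(moduli)
    total = 0
    for r, m in zip(residues, moduli):
        partial = big_m // m                        # product of the other moduli
        total += r * partial * pow(partial, -1, m)  # pow(x, -1, m) is the inverse mod m
    return total % big_m


def _elementwise(op, x, y, moduli):
    """Apply op residue by residue; no reconstruction is needed to compute."""
    return tuple(op(a, b) % m for a, b, m in zip(x, y, moduli))


def rns_add(x, y, moduli=SECRET_MODULI):
    return _elementwise(lambda a, b: a + b, x, y, moduli)


def rns_sub(x, y, moduli=SECRET_MODULI):
    return _elementwise(lambda a, b: a - b, x, y, moduli)


def rns_mul(x, y, moduli=SECRET_MODULI):
    return _elementwise(lambda a, b: a * b, x, y, moduli)


def add_with_decoy(x, y, slot_key=SLOT_KEY, moduli=SECRET_MODULI):
    """Execute an ADD but emit a two-word block: the sum in the keyed slot and
    the difference (a correct result for the wrong operation) in the other."""
    block = [None, None]
    block[slot_key] = rns_add(x, y, moduli)
    block[1 - slot_key] = rns_sub(x, y, moduli)
    return block


def read_result(block, slot_key=SLOT_KEY, moduli=SECRET_MODULI):
    """Destination side: the key selects the genuine word, the moduli decode it."""
    return from_rns(block[slot_key], moduli)


if __name__ == "__main__":
    a, b = to_rns(5678), to_rns(1234)
    block = add_with_decoy(a, b)
    print("output block (residues):", block)
    print("with key and moduli    :", read_result(block))
    print("decoy word decodes to  :", from_rns(block[1 - SLOT_KEY]))
    print("wrong moduli decode to :", from_rns(block[SLOT_KEY], (257, 241, 239)))
    # Failure mode: results at or above M wrap around silently.
    big_m = modulus_range(SECRET_MODULI)
    print("overflow wraps to      :", from_rns(rns_add(to_rns(big_m - 1), to_rns(5))))
```

Residues preserve the arithmetic structure of the data, so this is a representation change rather than encryption, in line with the description's statement that the varying representations are not expected to stop highly skilled experts. Any value that reaches the product of the moduli wraps around, so the schedule for the moduli has to bound the operand range.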
What is claimed is: 

1. A processor for processing securely executable com- 
puter programs adapted for execution exclusively on pro- 
cessors specifically adapted for the security of said computer 
programs, comprising: 

an instruction buffer for receiving code portions including 
register bits comprising instructions from a securely 
executable computer program, said instruction buffer 
including a predetermined plurality of bit locations in a 
predetermined format; and 

logic circuitry including a programmable instruction 
decoder enabling interpretation of instructions stored in 
said instruction buffer according to the predetermined 
format at said plurality of bit locations, said logic 
circuitry configured to route said register bits to sub- 
sequent bit locations according to a predetermined 
interdependency criterion.

2. The processor of claim 1, further comprising: 

a store for a key shared with a compiler, the key used by 
the compiler to encrypt standard instructions into 
encrypted instructions; and 

the routing of the register bits controlled in accordance 
with the key. 

3. The processor of claim 1, wherein: 

the plurality of bit locations are provided in a block which 
is larger than required for standard instructions, thereby 
providing an excess of register bits; and 

the logic circuitry providing the verification by checking 
bits within said excess of register bits. 

4. The processor of claim 1, further comprising: 
program instructions provided in a pipeline architecture; 

and 

an information key established as instruction security 
commands at a plurality of steps in said pipeline 
architecture, wherein an arithmetic logic unit (ALU) 
provides variability of logic circuits for execution of 
encrypted op codes or standard op codes that provide 
standard instruction operation types. 

5. The processor of claim 4, further comprising: 

the key stored in more than one memory cell type includ- 
ing a Read Only Memory (ROM), an Electrically 
Erasable Programmable Read Only Memory 
(E²PROM), and a Random Access Memory (RAM);

the keys including bits expandable into a larger set of bits 
which control the instruction decoder, signal routing, 
and logic circuit reconfiguration; 

a serial number in ROM which participates in the allo- 
cation of logic circuits and routing of signals, and 
communicated to the compiler to inform the compiler 
of custom allocation and routing; and 

the key providing a capability of controlling signal 
routing, and logic circuit reconfiguration whether the 
instructions are encrypted instructions or standard 
instructions. 

6. The processor of claim 5, wherein: 

a plurality of reconfigurable logic circuits have a capa- 
bility of calculating results of execution of an instruc- 
tion; 

said plurality of the logic circuits include provisions for 

accepting correct data operands and plausible wrong 

data operands; and 
said plurality of the logic circuits include provisions for 

outputting correct results along with plausible wrong 

results. 



7. The processor of claim 6, wherein the output register
for data results have a capability of containing both correct
results and plausible wrong results which are in word
locations in the output register, the locations of the results
coordinated by the key.

8. The processor of claim 7, further comprising: 

a plurality of the memory locations dispersed within a 
layout; 

a plurality of reconfigurable logic circuits able to calculate 
results of execution of an instruction;

said plurality of the logic circuits including provisions for 
accepting correct data operands and plausible wrong 
data operands; and 
said plurality of the logic circuits including provisions for 
outputting correct results along with plausible wrong
results. 

9. The processor of claim 8, further comprising: 

the key providing a capability of re-allocating memory 
resources and register resources; 

a serial number in ROM which participates in the allo- 
cation of logic circuits and routing of signals; and 

the serial number used in combination with the key in 
providing said capability. 

10. The processor of claim 1, wherein: 

the subsequent bit locations must conform to a predetermined
interdependency criteria corresponding to said
predetermined format subsequent to execution of at
least one instruction by the logic circuitry; and
the logic circuitry provides a verification of the
interdependency criteria.

11. The processor of claim 1, further comprising: 
reconfigurable logic circuits calculating the results of the 

execution of an instruction; 
said portion of the logic circuits including provisions for 
accepting correct data operands and plausible wrong

data operands; and 
said portion of the logic circuits including provisions for 

outputting correct results along with plausible wrong 

results. 

12. The processor of claim 10, further comprising:

a store for a key shared with a compiler, the key used by 
the compiler to encrypt standard instructions into 
encrypted instructions; 
the key stored in more than one memory cell type includ- 
ing a Read Only Memory (ROM), an Electrically 
Erasable Programmable Read Only Memory 
(E²PROM), and a Random Access Memory (RAM);
the key including bits expandable into a larger set of bits 
which control the instruction decoder, signal routing, 
and logic circuit reconfiguration; 
a serial number in ROM which participates in the allo- 
cation of logic circuits and routing of signals, and 
communicated to the compiler to inform the compiler 
of custom allocation and routing; and 
the key providing a capability of controlling signal
routing, and logic circuit reconfiguration whether the 
instructions are encrypted instructions or standard 
instructions. 

13. The processor of claim 1, wherein a choice is provided
of using encrypted instructions or standard instructions.

14. The processor of claim 1, further comprising:
program instructions provided in a pipeline architecture;
and

information keys established as instruction security commands
at a plurality of steps in said pipeline architecture,
wherein an arithmetic logic unit (ALU) provides variability
of logic circuits for execution of encrypted op codes
or standard op codes that provide standard instruction
operation types.

15. The processor of claim 1, wherein:
said routing causes an output of correct results along with 

plausible wrong results; and 
the correct results are provided in word locations in the 
output register coordinated by the key. 

16. The processor of claim 1, further comprising: 

a store for a key shared with a compiler, the key used by 
the compiler to encrypt standard instructions into 
encrypted instructions; and 

data and instructions provided to a computer via program 
information includes an intentional introduction of
errors correctable with error correction algorithms, said
correction algorithms pre-selected according to the key. 

17. A microprocessor for processing computer programs 
which are selectively operable on selected ones of individual 
microprocessors, comprising: 

a store for a key shared with a compiler, the key used by 
the compiler to encrypt standard instructions into 
encrypted instructions; and 

an instruction buffer which contains logic able to route a 
subset of register bits from any bit locations in the 
buffer to destination logic circuits which reach a pro- 
grammable instruction decoder, the routing of the reg- 
ister bits controlled in accordance with the key. 

18. The microprocessor of claim 17, further comprising: 
program instructions provided in a pipeline architecture; 

and 

an information key established as instruction security
commands at a plurality of steps in said pipeline 
architecture, wherein an arithmetic logic unit (ALU) 
provides variability of logic circuits for execution of 
encrypted op codes or standard op codes that provide 
standard instruction operation types. 

19. The microprocessor of claim 17, further comprising: 
the key stored in more than one memory cell type includ- 
ing a Read Only Memory (ROM), an Electrically 
Erasable Programmable Read Only Memory 
(E²PROM), and a Random Access Memory (RAM);

the keys including bits expandable into a larger set of bits 
which control the instruction decoder, signal routing, 
and logic circuit reconfiguration; 

a serial number in ROM which participates in the allo- 
cation of logic circuits and routing of signals, and 
communicated to the compiler to inform the compiler 
of custom allocation and routing; and 

the key providing a capability of controlling signal 
routing, and logic circuit reconfiguration whether the 
instructions are encrypted instructions or standard 
instructions. 

20. The microprocessor of claim 19, further comprising
an output register for data results able to contain both correct
results and plausible wrong results which are in word
locations in the output register coordinated by the key.

21. The microprocessor of claim 20, further comprising: 
a plurality of reconfigurable logic circuits able to calculate 

results of execution of an instruction; 
said plurality of the logic circuits including provisions for 

accepting correct data operands and plausible wrong 

data operands; and 
said plurality of the logic circuits including provisions for

outputting correct results along with plausible wrong 

results. 
22. The microprocessor of claim 20, further comprising:
a plurality of the memory locations dispersed within a

layout; 

a plurality of reconfigurable logic circuits able to calculate 

results of execution of an instruction; 
said plurality of the logic circuits including provisions for 

accepting correct data operands and plausible wrong 

data operands; and 
said plurality of the logic circuits including provisions for 

outputting correct results along with plausible wrong 

results. 

23. The microprocessor of claim 17, further comprising: 
the key providing a capability of re-allocating memory 

resources and register resources; 

a serial number in ROM which participates in the allo- 
cation of logic circuits and routing of signals; and 

the serial number used in combination with the key in 
providing said capability. 

24. The microprocessor of claim 17, wherein a choice is 
provided of using encrypted instructions or standard instruc- 
tions. 

25. The microprocessor of claim 17, wherein the instruc- 
tion buffer interdependency checking logic includes any 
combination of the following: 

multiplexers to select a subset of bits from each long 
instruction word in the instruction buffer to be logically 
combined to match a sequencer value; 

a sequencer incremented at times determined by a key and 
which is reset upon the occurrence of the sequencer 
reset code in the instruction buffer; 

distribution of bits for one encrypted op code across 
several long instruction words in the instruction buffer; 

distribution of several encrypted op codes around the long 
instruction words in the instruction buffer; 

a program counter which does not normally increment by 
one, but which increments by some other constant or 
variable amount determined by the serial number, the 
key, and the sequencer value so that encrypted op codes 
which will be used sequentially in time do not occur 
sequentially in the instruction buffer, and for which, the 
time sequential chosen op codes are selected by the 
multiplexer controlled by the key, the serial number, 
and the sequencer; 

error correction circuits controlled by the key, sequencer, 
and supplementary error correcting codes received 
from the instruction buffer by means of the multiplex- 
ers; and 

dependency validation codes received through the multi- 
plexer of the instruction buffer checked by logic cir- 
cuits that depend on the key, the serial number, instruc- 
tion bits, and camouflage bits. 

26. The microprocessor of claim 25, wherein dependency
validation codes are received through the multiplexer of the 
instruction buffer checked by logic circuits that depend on 
the key, the serial number, instruction bits and camouflage 
bits so that incorrect validation bits provide an alarm. 

27. The microprocessor of claim 26, further comprising:

a plurality of storage locations for keys, with the keys
further determining storage locations of satellite keys
and satellite access flags, said locations intentionally
varied;

key-dependent storage of remote access approval flags,
the remote access approval flags encoded so as to
obscure the locations of said approval flags;

the logic circuitry able to use a null key for a default
unencrypted instruction set with partitioning of
memory resources between those used for null key
programs and those used for the keyed programs; and

the logic circuitry able to select from any of several stored
keys so that several independent encrypted and unencrypted
programs may be executed sequentially by
installing each different key when needed, which also
reallocates memory and register resources that are
securely partitioned from each other.

28. The microprocessor of claim 27, further comprising:

logic for requiring network handshaking, the network
handshaking further used to provide additional key
information for continued operation.

29. Method of processing computer programs on a 
selected one of individual microprocessors, the method 
comprising: 

buffering a first set of instructions as register bits; 
providing an excess of register bits; 
executing the instructions; 
buffering further instructions as register bits; and 
providing a verification of said first set of instructions and
said further instructions conforming to a predetermined 
criteria. 

30. The method of claim 29, further comprising:

using a plurality of the reconfigured logic circuits to
calculate results of execution of an instruction;

accepting correct data operands and plausible wrong data
operands with said plurality of the logic circuits; and

outputting correct results along with plausible wrong
results from said plurality of the logic circuits.

31. A microprocessor for processing computer programs 
selectively operable on selected ones of individual 
microprocessors, comprising: 

at least one memory location for receiving logic instructions
for executing encrypted program instruction;

logic circuitry for modifying operation in accordance with 
logic instructions stored in said memory location; and 

logic circuitry configurable in accordance with the 
received logic instructions. 
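
A toy software model of the check recited in claims 25 and 26, added here as an illustration and not taken from the patent: multiplexers steered by the key and serial number pick bits from each long instruction word, the bits are combined and compared with a sequencer value, and a mismatch raises the alarm. The 64-bit word size, four-word buffer, XOR combining, bit-position mixing, use of the last word for validation bits and all function names are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#define BUF_WORDS 4  /* long instruction words in the buffer (assumed) */
#define SEL_BITS  4  /* bits the multiplexer takes from each word (assumed) */
/* Bit position read for output bit b of word idx. The key/serial mixing is a
   stand-in. Each output bit has its own 16-bit lane, so positions never collide. */
unsigned sel_pos(uint32_t key, uint32_t serial, size_t idx, int b)
{
    uint32_t seed = (key ^ serial) * 2654435761u + (uint32_t)idx * 40503u;
    return 16u * (unsigned)b + ((seed >> (4 * b)) & 15u);
}

/* Multiplex SEL_BITS bits out of every word and combine them (XOR, assumed). */
uint8_t combine_bits(const uint64_t *buf, uint32_t key, uint32_t serial)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < BUF_WORDS; i++)
        for (int b = 0; b < SEL_BITS; b++)
            acc ^= (uint8_t)(((buf[i] >> sel_pos(key, serial, i, b)) & 1u) << b);
    return acc;
}

/* Build side: treat the last word's selected bits as validation bits and
   flip them until the buffer combines to the expected sequencer value. */
void seal_buffer(uint64_t *buf, uint32_t key, uint32_t serial, uint8_t seq)
{
    uint8_t diff = (uint8_t)(combine_bits(buf, key, serial) ^ (seq & 0x0F));
    for (int b = 0; b < SEL_BITS; b++)
        if (diff & (1u << b))
            buf[BUF_WORDS - 1] ^= 1ULL << sel_pos(key, serial, BUF_WORDS - 1, b);
}

/* Run side: 1 = alarm (combined bits disagree with the sequencer), 0 = ok. */
int buffer_alarm(const uint64_t *buf, uint32_t key, uint32_t serial, uint8_t seq)
{
    return combine_bits(buf, key, serial) != (seq & 0x0F);
}

int main(void)
{
    uint32_t k = 0xC0FFEE11u, s = 0x00012345u;  /* constructed key, serial */
    uint64_t buf[BUF_WORDS] = {0x1122334455667788ULL, 0xDEADBEEFCAFEF00DULL, 42, 0};
    seal_buffer(buf, k, s, 0x0A);
    int ok = buffer_alarm(buf, k, s, 0x0A);     /* sealed buffer */
    buf[1] ^= 1ULL << sel_pos(k, s, 1, 2);      /* flip one selected bit */
    printf("sealed=%d tampered=%d\n", ok, buffer_alarm(buf, k, s, 0x0A));
    return 0;
}
```

In this model a flipped bit is detected only when it is one of the selected bits, and a 4-bit comparison lets a random buffer pass one time in sixteen.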